package com.study.security.app;

import com.study.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.study.security.core.authorize.AuthorizeConfigManager;
import com.study.security.core.constant.SecurityConstants;
import com.study.security.core.properties.SecurityProperties;
import com.study.security.core.validate.code.config.ValidateCodeSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.social.security.SpringSocialConfigurer;

/**
 * oauth2资源服务器
 * @author LiYongKui
 * @version 1.0
 * @date 2021/4/7 11:07
 */
@Configuration
@EnableResourceServer
public class SecurityResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    protected AuthenticationSuccessHandler customAuthenticationSuccessHandler;
    @Autowired
    protected AuthenticationFailureHandler customAuthenticationFailureHandler;
    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;
    @Autowired
    private SecurityProperties securityProperties;
    @Autowired
    private SpringSocialConfigurer securitySocialConfig;
    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        //form表单登陆
        http.formLogin()
                //设置自定义登陆页面
                .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                //修改登陆请求路径
                .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)
                .successHandler(customAuthenticationSuccessHandler)
                .failureHandler(customAuthenticationFailureHandler);

        http //.apply(validateCodeSecurityConfig)
              //  .and()
                .apply(smsCodeAuthenticationSecurityConfig)
                .and()
                .apply(securitySocialConfig)
                .and()
                //csrf 防护功能关闭
                .csrf().disable();
            authorizeConfigManager.config(http.authorizeRequests());
    }

}
